Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Domain controller GPO does not deny logon locally right to IWAM_machinename when running aspnet.wp.exe

Reply
Thread Tools

Domain controller GPO does not deny logon locally right to IWAM_machinename when running aspnet.wp.exe

 
 
\Rob\
Guest
Posts: n/a
 
      05-09-2004
On a domain controller, the ASPNET (v1.1) worker process (aspnet.wp.exe)
runs under the IWAM_machinename acount (IIS 5). I have expressly denied this
user the logon locally right in the domain controller GPO and yet this
profile gets created under the Document and Settings folder. The
IWAM_machinename registry hive remains loaded when the process ends. I have
to manually unload it with regedt32.exe. Is this normal behavior?


 
Reply With Quote
 
 
 
 
Brian Desmond [MVP]
Guest
Posts: n/a
 
      05-09-2004
Denying log on locally doesn't prevent a service logon, which is what's
happening in this case. If you don't want the user to logon in any scenario,
you'll need to deny service, batch, and network logon rights too.

--
--
Brian Desmond
Windows Server MVP
http://www.velocityreviews.com/forums/(E-Mail Removed)12.il.us

Http://www.briandesmond.com


""Rob"" <@> wrote in message news:(E-Mail Removed)...
> On a domain controller, the ASPNET (v1.1) worker process (aspnet.wp.exe)
> runs under the IWAM_machinename acount (IIS 5). I have expressly denied

this
> user the logon locally right in the domain controller GPO and yet this
> profile gets created under the Document and Settings folder. The
> IWAM_machinename registry hive remains loaded when the process ends. I

have
> to manually unload it with regedt32.exe. Is this normal behavior?
>
>



 
Reply With Quote
 
 
 
 
\Rob\
Guest
Posts: n/a
 
      05-10-2004
Ok, so why does IWAM_machinename registry hive remain loaded when the
aspnet_wp.exe process ends? I have to manually unload it with regedt32.exe.
Is this normal behavior?

Thanks for the tip Brian
--

"Brian Desmond [MVP]" <(E-Mail Removed)12.il.us> wrote in message
news:%(E-Mail Removed)...
> Denying log on locally doesn't prevent a service logon, which is what's
> happening in this case. If you don't want the user to logon in any

scenario,
> you'll need to deny service, batch, and network logon rights too.
>
> --
> --
> Brian Desmond
> Windows Server MVP
> (E-Mail Removed)12.il.us
>
> Http://www.briandesmond.com
>
>
> ""Rob"" <@> wrote in message news:(E-Mail Removed)...
> > On a domain controller, the ASPNET (v1.1) worker process (aspnet.wp.exe)
> > runs under the IWAM_machinename acount (IIS 5). I have expressly denied

> this
> > user the logon locally right in the domain controller GPO and yet this
> > profile gets created under the Document and Settings folder. The
> > IWAM_machinename registry hive remains loaded when the process ends. I

> have
> > to manually unload it with regedt32.exe. Is this normal behavior?
> >
> >

>
>



 
Reply With Quote
 
Brian Desmond [MVP]
Guest
Posts: n/a
 
      05-11-2004
IWAM_MachineName is an IIS account, not an ASPNet account. IWAM should
unload when the IISAdmin service shutsdown.

--
--
Brian Desmond
Windows Server MVP
(E-Mail Removed)12.il.us

Http://www.briandesmond.com


""Rob"" <@> wrote in message news:(E-Mail Removed)...
> Ok, so why does IWAM_machinename registry hive remain loaded when the
> aspnet_wp.exe process ends? I have to manually unload it with

regedt32.exe.
> Is this normal behavior?
>
> Thanks for the tip Brian
> --
>
> "Brian Desmond [MVP]" <(E-Mail Removed)12.il.us> wrote in message
> news:%(E-Mail Removed)...
> > Denying log on locally doesn't prevent a service logon, which is what's
> > happening in this case. If you don't want the user to logon in any

> scenario,
> > you'll need to deny service, batch, and network logon rights too.
> >
> > --
> > --
> > Brian Desmond
> > Windows Server MVP
> > (E-Mail Removed)12.il.us
> >
> > Http://www.briandesmond.com
> >
> >
> > ""Rob"" <@> wrote in message

news:(E-Mail Removed)...
> > > On a domain controller, the ASPNET (v1.1) worker process

(aspnet.wp.exe)
> > > runs under the IWAM_machinename acount (IIS 5). I have expressly

denied
> > this
> > > user the logon locally right in the domain controller GPO and yet this
> > > profile gets created under the Document and Settings folder. The
> > > IWAM_machinename registry hive remains loaded when the process ends. I

> > have
> > > to manually unload it with regedt32.exe. Is this normal behavior?
> > >
> > >

> >
> >

>
>



 
Reply With Quote
 
\Rob\
Guest
Posts: n/a
 
      05-12-2004
It doesn't

--

"Brian Desmond [MVP]" <(E-Mail Removed)12.il.us> wrote in message
news:(E-Mail Removed)...
> IWAM_MachineName is an IIS account, not an ASPNet account. IWAM should
> unload when the IISAdmin service shutsdown.
>
> --
> --
> Brian Desmond
> Windows Server MVP
> (E-Mail Removed)12.il.us
>
> Http://www.briandesmond.com
>
>
> ""Rob"" <@> wrote in message news:(E-Mail Removed)...
> > Ok, so why does IWAM_machinename registry hive remain loaded when the
> > aspnet_wp.exe process ends? I have to manually unload it with

> regedt32.exe.
> > Is this normal behavior?
> >
> > Thanks for the tip Brian
> > --
> >
> > "Brian Desmond [MVP]" <(E-Mail Removed)12.il.us> wrote in message
> > news:%(E-Mail Removed)...
> > > Denying log on locally doesn't prevent a service logon, which is

what's
> > > happening in this case. If you don't want the user to logon in any

> > scenario,
> > > you'll need to deny service, batch, and network logon rights too.
> > >
> > > --
> > > --
> > > Brian Desmond
> > > Windows Server MVP
> > > (E-Mail Removed)12.il.us
> > >
> > > Http://www.briandesmond.com
> > >
> > >
> > > ""Rob"" <@> wrote in message

> news:(E-Mail Removed)...
> > > > On a domain controller, the ASPNET (v1.1) worker process

> (aspnet.wp.exe)
> > > > runs under the IWAM_machinename acount (IIS 5). I have expressly

> denied
> > > this
> > > > user the logon locally right in the domain controller GPO and yet

this
> > > > profile gets created under the Document and Settings folder. The
> > > > IWAM_machinename registry hive remains loaded when the process ends.

I
> > > have
> > > > to manually unload it with regedt32.exe. Is this normal behavior?
> > > >
> > > >
> > >
> > >

> >
> >

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Promotion of Additional Domain Controller to a Domain Controller Abaaseen MCSE 9 01-19-2009 07:31 PM
Cannot logon to domain beacuse of domain controller crash sechem@gmail.com Computer Support 2 09-23-2007 04:31 PM



Advertisments